View Source Lightning.Policies.Provisioning (Lightning v2.10.4)

The Bodyguard Policy module for users roles.

Summary

Types

actions()

Functions

authorize(arg1, user, project)

authorize/3 takes an action, a user or a project repo connection, and a project. It checks the user's role for this project and returns true if the user can perform the action and false if they cannot.

Types

Link to this type

actions()

View Source 
@type actions() :: :provision_project | :describe_project

Functions

Link to this function

authorize(arg1, user, project)

View Source 
@spec authorize(
  actions(),
  Lightning.Accounts.User.t(),
  Lightning.Projects.Project.t()
) :: boolean()

authorize/3 takes an action, a user or a project repo connection, and a project. It checks the user's role for this project and returns true if the user can perform the action and false if they cannot.

Note that permissions are grouped by action.

We deny by default, so if a user's role is not added to the allow roles list for a particular action they are denied.

Only a superuser can provision a new project.

Owners and admins can update existing projects.